Analysis

North Korea’s Lazarus Group Behind The $100 Million Theft On Harmony?

Harmony attackers transferred over 18,000 ETH to three addresses, most of which was subsequently transferred to Tornado Cash in batches of 100 ETH. The attacker’s wallet also contained 49,794 ETH. Elliptic appears to be a North Korean hack similar to the Ronin hack.

Lazarus Group is the top suspect

On the morning of June 24th, over $100 million in cryptoassets was stolen from Horizon Bridge – a service that allows assets to be transferred between the Harmony blockchain and other blockchains.

The stolen cryptoassets included Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and BNB. The thief immediately used Uniswap – a decentralized exchange (DEX) – to convert much of these assets into a total of 85,837 ETH. This is a common laundering technique used to avoid seizure of stolen assets.

The Horizon Bridge hacker has so far sent 41% of the $100 million in stolen cryptoassets into the Tornado Cash mixer.

Following the trail after the Horizon hack. Source: Elliptic

Mixers such as Tornado Cash are used to hide the transaction trail. However, Elliptic has used its Tornado demixing capability to trace all of the stolen funds through Tornado and onwards to other wallets. Users of Elliptic’s solutions can now screen wallets and transactions for links to the stolen funds – even those that have passed through Tornado.

According to the analysis of Elliptic, it is consistent with the activities of Lazarus Group – a cybercrime group with close links to North Korea.

  • The Lazarus Group has perpetrated several large cryptocurrency thefts totaling over $2 billion, and has recently turned its attention to DeFi services such as cross-chain bridges. For example, the group is believed to be behind the $540 million hack of Ronin Bridge.
  • The theft was perpetrated by compromising the cryptographic keys of a multi-signature wallet – likely through a social engineering attack on Harmony team members. Such techniques have frequently been used by the Lazarus Group.
  • Lazarus Group tends to focus on APAC-based targets, perhaps for language reasons. Although Harmony is based in the US, many of the core team have links to the APAC region.
  • The regularity of the deposits into Tornado over extended periods of time suggests that an automated process is being used. We have observed very similar programmatic laundering of funds stolen from the Ronin Bridge, which has been attributed to Lazarus, as well as a number of other attacks linked to the group.
  • The relatively short periods during which the stolen funds stop being moved out of Tornado cash are consistent with APAC nighttime hours.

The stolen funds as the laundering progresses, and will update its tools to reflect the movement of these assets.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Foxy

CoinCu News

Victor

Recent Posts

Best Altcoins to Buy Today: Qubetics Rides 1000x Potential to Hit $2.6M, Ethereum Stays Rangebound, Tron USDT Transactions Hit $52B

Discover the best cryptos to buy and hold today: Qubetics leads with 1000x potential, Ethereum…

52 minutes ago

Trump Media Company Is Pushing New Venture For Crypto Service

With the platform facing a cracked whip, Trump Media company is expanding into new business…

2 hours ago

Crypto Advisory Council Now A White House Position Attracting Leaders

Major crypto firms, including Ripple, Kraken, and Circle, are competing for spots on President-elect Donald…

2 hours ago

Analyst Sounds Major Breakout Alert Amid Shiba Inu, WallitIQ, And Dogecoin Price Recoveries

Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…

3 hours ago

SEC Chair Gary Gensler Will Lose Power From January 20

SEC Chair Gary Gensler will step down on January 20, 2025, coinciding with President-elect Donald…

3 hours ago

MicroStrategy Convertible Notes Now Out of Stock With $3B Raised

The MicroStrategy convertible notes offering, initially set at $1.75 billion, was increased to $2.6 billion…

3 hours ago

This website uses cookies.